Getting Cybersecurity to Work isn’t Going to Work without Doing the Work

Earl Perkins has an interesting post on the Gartner Blog Network about the topic of security.

I thought it would be appropriate to start off 2015 by adding my voice to a rising chorus from advisors, consultants and others in the cybersecurity industry with a short and simple message. We as an industry cannot help you if you’re not willing to help yourselves. And helping yourselves means you have to do (at the very least) the minimum required to secure yourselves from the most common types of cybersecurity threats and attacks.

Now this may seem to be an obvious comment and you may be wondering “why is he wasting my time telling me this”. I’m taking the time to do so because frankly many of you do not appear to be listening. It may be time to be a bit more blunt and direct. There are and have been reams of research and guidance written and delivered over the years that outline the basic principles and practices to establish cybersecurity strategy, governance, planning, management and operations. Descriptions of these steps to core competence can be found not only in Gartner research but from many other sources. Establishing this core competence for many of you does not require large or expensive purchases of technology and services, nor does it require major shifts or changes in process or organization. But it DOES require a level of discipline, structure and cultural change regarding where cybersecurity fits within your organization and the priority that you give changes that must and should occur. This core competence does require a level of communication and awareness that is apparently not working in its current form of delivery. It requires a level of coordination with service providers, supply chain partners and external parties that does not appear to be taking place.

Last summer, I read Michael J. Daugherty’s book “The Devil inside the Beltway” and I thought ‘Thank God I don’t have to deal with his issues’. However, I just took a position with a healthcare firm that must comply with HIPAA and HITECH, and as the Marketing Manager who is also involved in technology issues, there is nothing more important than cybersecurity — to ignore it is to risk losing your business!

In our case, we rely heavily on our partner Netgain in St. Cloud to ‘watch our six’, but there’s always the fear that someone could install LimeWire or its modern-day equivalent and bring down the house à la LabMD. Every employee must understand that the technology they use is not theirs, that it’s provided to do a job, and that they must comply with security requirements. Cybersecurity is the responsibility of EVERY employee…